1.1 We are committed to safeguarding the privacy of our website visitors and service users with respect to their personal data. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
1.2 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors, customers, suppliers and users; in other words, where we determine the purposes and means of the processing of that personal data.
1.4 Our website incorporates privacy controls which affect how we will process your personal data.
1.5 In this policy,‘we’,‘us’ and‘our’ refer to Walford Timber Ltd, Walford Timber Group, Cheltenham Fencing and GMB Manning. For more information about us, see Section 9.
2.1 This document was created using a template from SEQ Legal (https://seqlegal.com).
3. How we use your personal data
3.1 In this Section 3 we have set out:
[a] the general categories of personal data that we may process;
[b] the purposes for which we may process personal data; and
[c] the legal bases of the processing.
3.2 We may process data about your use of our website and services (‘usage data’). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is your consent and our legitimate interests, namely monitoring and improving our website and services.
3.3 We may process your contact data (‘contact data’). The contact data may include your name, business name, invoice and delivery address, telephone number and email address. The source of the contact data is your submission of an account application form or if you order goods or services from us or contact us by phone, email or via our website or if you sign up to our email newsletter. The contact data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
3.4 We may process your information included in your personal profile on our website (‘profile data’). The profile data may include your username and password, name, address, telephone number, email address, invoice and billing address and company name purchases or orders made by you, your interests, preferences, feedback and survey responses. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
3.5 We may process your personal data that are provided in the course of delivering marketing and updates from us or third parties (‘marketing and communications data’). The marketing and communications data may include provision of our services, sending our newsletters and special offers. It also includes your preferences in receiving marketing from us and our third parties and your communication preferences. The legal basis for this processing is necessary for our legitimate interests to develop our products/services and grow our business.
3.9 We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (‘transaction data’). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business.
3.15 Please do not supply any other person’s personal data to us, unless we prompt you to do so.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- order our products;
- create an account on our website;
- subscribe to email newsletter;
- request marketing to be sent to you;
- enter a competition, promotion or survey;
- give us feedback or contact us;
- provided by the referees you give on your account application form.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
Technical Data from the following parties:
[a] analytics providers such as Google based outside the UK;
[b] advertising networks such as Facebook based outside the UK;
[c] search information providers such Microsoft Bing and Google based outside the UK;
[d] contact, Financial and Transaction Data from providers of technical, payment and delivery services Opayo based inside the UK;
[e] identity and Contact Data from data brokers or aggregators Experian based inside the UK; and
[f] identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.
4. Providing your personal data to others
4.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
4.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.3 We may disclose your personal details to our suppliers or subcontractors insofar as reasonably necessary for the delivery of your order or the installation of your order.
4.4 Financial transactions relating to our website and services may be handled by our payment services providers, Opayo. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers” policies and practices at https://www.opayo.co.uk/polici…
4.6 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
5. Retaining and deleting personal data
5.1 This Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
5.4 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
6.1 We may update this policy from time to time by publishing a new version on our website.
6.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
6.3 We may notify you of changes to this policy by email.
7. Your rights
7.1 In this Section 7, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
7.2 Your principal rights under data protection law are:
- Request access to your personal data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us.
7.3 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
7.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
7.5 We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 7.10 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In the UK, data protection is overseen by the Information Commissioner’s Office https://ico.org.uk/
7.11 You may exercise any of your rights in relation to your personal data by written notice to us at the address shown in Section 13 or via email to email@example.com or by telephone n +44(0)1989 940 027
8. About cookies
8.2 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
8.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
9. Our details
9.1 This website is owned and operated by Walford Timber Ltd and its subsidiaries Cheltenham Fencing and GMB Manning
9.2 We are registered in England and Wales under registration number 01136632 and our registered office is at The Sawmills, Walford, Ross-On-Wye, Herefordshire, HR9 5QS
9.3 Our principal place of business is at The Sawmills, Walford, Ross-On-Wye, Herefordshire, HR9 5QS,
9.4 You can contact us:
[a] by post, to The Sawmills, Walford, Ross-On-Wye, Herefordshire, HR9 5QS;
[b] using our website contact form at https://gmbmanning.co.uk/about/contact-us;
[c] by telephone, on +44(0)1989 563614; or
[d] by email, using firstname.lastname@example.org
10. Data protection manager
10.1 Our data protection manager’s contact details are:
George Smith, email@example.com